summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEamon Walsh <ewalsh@tycho.nsa.gov>2007-08-29 14:16:46 -0400
committerEamon Walsh <ewalsh@moss-charon.epoch.ncsc.mil>2007-08-29 14:16:46 -0400
commite39694789e31e221fc8dec44ace9c697daf7acad (patch)
tree2ef4e123d2f6f09705384cc02ec88f6b2010009a
parent41355a53c29bbf879da0c6ea562294fcc7ef89ff (diff)
xace: drop map-window checking hook, add new hooks for controlling the
delivery of events to windows and clients. This is tentative. It's likely that an additional last-resort hook will be necessary for code that calls TryClientEvents or WriteEventsToClient directly. It's also possible that new xace machinery will be necessary to classify events and pull useful resource ID's out of them. The failure case also needs some thinking through. Should event delivery "succeed" or should it report undeliverable? Finally, XKB appears to call WriteToClient to pass events. Sigh.
-rw-r--r--Xext/xace.c19
-rw-r--r--Xext/xace.h25
-rw-r--r--Xext/xacestr.h16
-rw-r--r--dix/events.c35
-rw-r--r--dix/window.c5
5 files changed, 75 insertions, 25 deletions
diff --git a/Xext/xace.c b/Xext/xace.c
index 4d34dc3d9..3091ecd32 100644
--- a/Xext/xace.c
+++ b/Xext/xace.c
@@ -113,10 +113,25 @@ int XaceHook(int hook, ...)
prv = &rec.status;
break;
}
- case XACE_MAP_ACCESS: {
- XaceMapAccessRec rec = {
+ case XACE_SEND_ACCESS: {
+ XaceSendAccessRec rec = {
va_arg(ap, ClientPtr),
+ va_arg(ap, DeviceIntPtr),
va_arg(ap, WindowPtr),
+ va_arg(ap, xEventPtr),
+ va_arg(ap, int),
+ Success /* default allow */
+ };
+ calldata = &rec;
+ prv = &rec.status;
+ break;
+ }
+ case XACE_RECEIVE_ACCESS: {
+ XaceReceiveAccessRec rec = {
+ va_arg(ap, ClientPtr),
+ va_arg(ap, WindowPtr),
+ va_arg(ap, xEventPtr),
+ va_arg(ap, int),
Success /* default allow */
};
calldata = &rec;
diff --git a/Xext/xace.h b/Xext/xace.h
index f1a6e9d8c..c1fc0714f 100644
--- a/Xext/xace.h
+++ b/Xext/xace.h
@@ -46,18 +46,19 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#define XACE_DEVICE_ACCESS 3
#define XACE_PROPERTY_ACCESS 4
#define XACE_DRAWABLE_ACCESS 5
-#define XACE_MAP_ACCESS 6
-#define XACE_CLIENT_ACCESS 7
-#define XACE_EXT_ACCESS 8
-#define XACE_SERVER_ACCESS 9
-#define XACE_SELECTION_ACCESS 10
-#define XACE_SCREEN_ACCESS 11
-#define XACE_SCREENSAVER_ACCESS 12
-#define XACE_AUTH_AVAIL 13
-#define XACE_KEY_AVAIL 14
-#define XACE_AUDIT_BEGIN 15
-#define XACE_AUDIT_END 16
-#define XACE_NUM_HOOKS 17
+#define XACE_SEND_ACCESS 6
+#define XACE_RECEIVE_ACCESS 7
+#define XACE_CLIENT_ACCESS 8
+#define XACE_EXT_ACCESS 9
+#define XACE_SERVER_ACCESS 10
+#define XACE_SELECTION_ACCESS 11
+#define XACE_SCREEN_ACCESS 12
+#define XACE_SCREENSAVER_ACCESS 13
+#define XACE_AUTH_AVAIL 14
+#define XACE_KEY_AVAIL 15
+#define XACE_AUDIT_BEGIN 16
+#define XACE_AUDIT_END 17
+#define XACE_NUM_HOOKS 18
extern CallbackListPtr XaceHooks[XACE_NUM_HOOKS];
diff --git a/Xext/xacestr.h b/Xext/xacestr.h
index c98be3d32..15d39b72e 100644
--- a/Xext/xacestr.h
+++ b/Xext/xacestr.h
@@ -70,12 +70,24 @@ typedef struct {
int status;
} XaceDrawableAccessRec;
-/* XACE_MAP_ACCESS */
+/* XACE_SEND_ACCESS */
+typedef struct {
+ ClientPtr client;
+ DeviceIntPtr dev;
+ WindowPtr pWin;
+ xEventPtr events;
+ int count;
+ int status;
+} XaceSendAccessRec;
+
+/* XACE_RECEIVE_ACCESS */
typedef struct {
ClientPtr client;
WindowPtr pWin;
+ xEventPtr events;
+ int count;
int status;
-} XaceMapAccessRec;
+} XaceReceiveAccessRec;
/* XACE_CLIENT_ACCESS */
typedef struct {
diff --git a/dix/events.c b/dix/events.c
index deae4e340..42c3ba195 100644
--- a/dix/events.c
+++ b/dix/events.c
@@ -1753,8 +1753,10 @@ DeliverEventsToWindow(WindowPtr pWin, xEvent *pEvents, int count,
if (filter != CantBeFiltered &&
!((wOtherEventMasks(pWin)|pWin->eventMask) & filter))
return 0;
- if ( (attempt = TryClientEvents(wClient(pWin), pEvents, count,
- pWin->eventMask, filter, grab)) )
+ if (XaceHook(XACE_RECEIVE_ACCESS, wClient(pWin), pWin, pEvents, count))
+ nondeliveries--;
+ else if ( (attempt = TryClientEvents(wClient(pWin), pEvents, count,
+ pWin->eventMask, filter, grab)) )
{
if (attempt > 0)
{
@@ -1781,7 +1783,10 @@ DeliverEventsToWindow(WindowPtr pWin, xEvent *pEvents, int count,
other = (InputClients *)wOtherClients(pWin);
for (; other; other = other->next)
{
- if ( (attempt = TryClientEvents(rClient(other), pEvents, count,
+ if (XaceHook(XACE_RECEIVE_ACCESS, rClient(other), pWin, pEvents,
+ count))
+ nondeliveries--;
+ else if ( (attempt = TryClientEvents(rClient(other), pEvents, count,
other->mask[mskidx], filter, grab)) )
{
if (attempt > 0)
@@ -1878,6 +1883,8 @@ MaybeDeliverEventsToClient(WindowPtr pWin, xEvent *pEvents,
return XineramaTryClientEventsResult(
wClient(pWin), NullGrab, pWin->eventMask, filter);
#endif
+ if (XaceHook(XACE_RECEIVE_ACCESS, wClient(pWin), pWin, pEvents, count))
+ return 0;
return TryClientEvents(wClient(pWin), pEvents, count,
pWin->eventMask, filter, NullGrab);
}
@@ -1892,6 +1899,9 @@ MaybeDeliverEventsToClient(WindowPtr pWin, xEvent *pEvents,
return XineramaTryClientEventsResult(
rClient(other), NullGrab, other->mask, filter);
#endif
+ if (XaceHook(XACE_RECEIVE_ACCESS, rClient(other), pWin, pEvents,
+ count))
+ return 0;
return TryClientEvents(rClient(other), pEvents, count,
other->mask, filter, NullGrab);
}
@@ -1986,6 +1996,9 @@ DeliverDeviceEvents(WindowPtr pWin, xEvent *xE, GrabPtr grab,
Mask filter = filters[type];
int deliveries = 0;
+ if (XaceHook(XACE_SEND_ACCESS, NULL, dev, pWin, xE, count))
+ return 0;
+
if (type & EXTENSION_EVENT_BASE)
{
OtherInputMasks *inputMasks;
@@ -2829,6 +2842,8 @@ DeliverFocusedEvent(DeviceIntPtr keybd, xEvent *xE, WindowPtr window, int count)
return;
}
/* just deliver it to the focus window */
+ if (XaceHook(XACE_SEND_ACCESS, NULL, keybd, focus, xE, count))
+ return;
FixUpEventFromWindow(xE, focus, None, FALSE);
if (xE->u.u.type & EXTENSION_EVENT_BASE)
mskidx = keybd->id;
@@ -2877,9 +2892,12 @@ DeliverGrabbedEvent(xEvent *xE, DeviceIntPtr thisDev,
if (!deliveries)
{
FixUpEventFromWindow(xE, grab->window, None, TRUE);
- deliveries = TryClientEvents(rClient(grab), xE, count,
- (Mask)grab->eventMask,
- filters[xE->u.u.type], grab);
+ if (!XaceHook(XACE_SEND_ACCESS, thisDev, grab->window, xE, count) &&
+ !XaceHook(XACE_RECEIVE_ACCESS, rClient(grab), grab->window, xE,
+ count))
+ deliveries = TryClientEvents(rClient(grab), xE, count,
+ (Mask)grab->eventMask,
+ filters[xE->u.u.type], grab);
if (deliveries && (xE->u.u.type == MotionNotify
#ifdef XINPUT
|| xE->u.u.type == DeviceMotionNotify
@@ -4530,6 +4548,9 @@ ProcSendEvent(ClientPtr client)
{
for (;pWin; pWin = pWin->parent)
{
+ if (XaceHook(XACE_SEND_ACCESS, client, NULL, pWin,
+ &stuff->event, 1))
+ return Success;
if (DeliverEventsToWindow(pWin, &stuff->event, 1, stuff->eventMask,
NullGrab, 0))
return Success;
@@ -4540,7 +4561,7 @@ ProcSendEvent(ClientPtr client)
break;
}
}
- else
+ else if (!XaceHook(XACE_SEND_ACCESS, client, NULL, pWin, &stuff->event, 1))
(void)DeliverEventsToWindow(pWin, &stuff->event, 1, stuff->eventMask,
NullGrab, 0);
return Success;
diff --git a/dix/window.c b/dix/window.c
index 1a598faca..b6bbdd4cb 100644
--- a/dix/window.c
+++ b/dix/window.c
@@ -2744,8 +2744,9 @@ MapWindow(WindowPtr pWin, ClientPtr client)
return(Success);
/* general check for permission to map window */
- if (XaceHook(XACE_MAP_ACCESS, client, pWin) != Success)
- return Success;
+ if (XaceHook(XACE_RESOURCE_ACCESS, client, pWin->drawable.id, RT_WINDOW,
+ DixShowAccess, pWin) != Success)
+ return Success;
pScreen = pWin->drawable.pScreen;
if ( (pParent = pWin->parent) )